2.2.3 Event Log Policies

There are three types of event log policies:

  • System log

  • Security log

  • Application log

 The ABNF for each of them MUST be as follows.

 Header = "[" HeaderValue "]" LineBreak
 HeaderValue = "System Log" / "Security Log" / "Application Log"
 Settings = Setting / Setting Settings
 Setting = Key Wsp "=" Wsp Value LineBreak
 Key = "MaximumLogSize" / "AuditLogRetentionPeriod" 
       / "RetentionDays" / "RestrictGuestAccess"
            
 Value = 1*8DIGIT

The following table provides an explanation for each of the valid key values.

Note: All numerical values are decimal unless explicitly specified otherwise, or unless preceded by 0x.

Setting key

Explanation

MaximumLogSize

The log size, in kilobytes, MUST be less than or equal to this value.

The value MUST be between 64 and 4194240.

AuditLogRetentionPeriod

Specifies the type of retention period to be applied to the specific log. The retention method MUST be one of the following:

  • A value of "0" indicates to overwrite events as needed.

  • A value of "1" indicates to overwrite events as specified by the RetentionDays entry.

  • A value of "2" indicates to never overwrite events (clear log manually).

Any other value is invalid.

RetentionDays

The number of days that System, Security, and Application log events MUST be retained before being overwritten by new events. Only valid if option AuditLogRetentionPeriod = 1. The value MUST be between 1 and 365.

RestrictGuestAccess

A flag that indicates whether or not users with Guest privileges can have access to System, Security, and Application logs.<3>

  • A value of "0" indicates that guest access to System, Security, and Application logs is not restricted.

  • A nonzero value indicates that guest access to System, Security, and Application logs is restricted.
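
The following Python checker is an added example, not part of the specification or of any Microsoft code; it applies the ABNF above and the value limits from the table to one event log policy section. It assumes Wsp means zero or more spaces or tabs and matches headers and keys case-insensitively; `check_event_log_section` and `SAMPLE` are names chosen here, and the sample section is constructed. A RestrictGuestAccess value of 0 is valid under the grammar and is reported only as a review finding.

```python
import re

HEADERS = {"system log", "security log", "application log"}
# Key -> (min, max) from the table; None = any 1*8DIGIT value is accepted.
RANGES = {"MaximumLogSize": (64, 4194240), "AuditLogRetentionPeriod": (0, 2),
          "RetentionDays": (1, 365), "RestrictGuestAccess": None}
CANON = {k.lower(): k for k in RANGES}  # ABNF literals are case-insensitive
# Assumption: Wsp is zero or more spaces/tabs (its rule is not in this section).
SETTING_RE = re.compile(r"^([A-Za-z]+)[ \t]*=[ \t]*(.*)$")
VALUE_RE = re.compile(r"^[0-9]{1,8}$")  # Value = 1*8DIGIT

# Constructed sample section, not taken from a real policy file.
SAMPLE = """[Security Log]
MaximumLogSize = 32
AuditLogRetentionPeriod = 0
RetentionDays = 7
RestrictGuestAccess = 0
"""


def check_event_log_section(text):
    """Return a list of findings for one event log policy section."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings, seen, head = [], {}, (lines[0] if lines else "")
    if not (head.startswith("[") and head.endswith("]")
            and head[1:-1].lower() in HEADERS):
        findings.append(f"invalid header: {head!r}")
    for ln in lines[1:]:
        m = SETTING_RE.match(ln)
        key = CANON.get(m.group(1).lower()) if m else None
        if key is None:
            findings.append(f"invalid setting line: {ln!r}")
        elif not VALUE_RE.match(m.group(2)):
            findings.append(f"{key}: value {m.group(2)!r} is not 1*8DIGIT")
        else:
            seen[key] = value = int(m.group(2))
            lo_hi = RANGES[key]
            if lo_hi and not lo_hi[0] <= value <= lo_hi[1]:
                findings.append(f"{key}: {value} outside {lo_hi[0]}..{lo_hi[1]}")
    if "RetentionDays" in seen and seen.get("AuditLogRetentionPeriod") != 1:
        findings.append("RetentionDays set but AuditLogRetentionPeriod is not 1")
    if seen.get("RestrictGuestAccess") == 0:
        findings.append("RestrictGuestAccess=0: guest access is not restricted")
    return findings


if __name__ == "__main__":
    print("\n".join(check_event_log_section(SAMPLE)))
```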